For my first post, I'll just cover some findings on the usage of elf sections in AMD64 assembly stored in well, elfs. While you can call a section almost anything you want, there are some standard sections a compiler/linker uses. These are obviously all documented somewhere, I don't seem to very very good at finding it with a search engine though, so fragmented findings will have to do.

Where did this desire to know more come from? Well, someone on irc was wondering if an elf was statically or dynamically linked, despite being built as static since some tools reported it as static, and some reported as it containing dynamic sections. As it turns out, it seems that the compiler/linker decided to use the .dynamic section, despite that section name seemingly being reserved for machine code that sets up usage of a dynamic library.

Running the program and checking strace did show that the elf was indeed static, so that section name was misleading. This left me with a desire to know what the standard section names and usage was. My findings are below.

.interp

• Not really sure what this one is for.

.note.ABI-tag

• Seems to be a marker of some ABI version.

.gnu.hash

• Contains some version string with gnu in the name.

.dynsym

• Seeminly contains an offset into .dynstr, where the name of the external symbol can be found. Not used in fully static elfs.

.dynstr

• Seeminly contains the strings of external symbols. Not used in fully static elfs.

.dynamic

• Seeminly contains refrences to .dynstr via .dynsym, which the dynamic loader interprets to find which librarys to load. May be used by static elfs for some other unknown purpose.

.gnu.version

• Another version string with GNU in the name.

.gnu.version_r

• Yet another version string with GNU in the name.

.eh_frame

• Seems to contain execption unwinding and source language information.

.comment

• Seems to contain something to do with comments.

.bss

• Contains uninitalised data that may be written to. Gcc's linker doesn't seem to use this.

.rodata

• Contains initalised data that is read only.

.data

• Contains initalized data that read and write. May be jmp'd to for execution, but no compiler will ever decide to do that.

.text

• Where the main program is located, containing _start, main and any other function.

That's all I got for now.

Hi there, this is my new blog. I use only HTML and css. No blog backend used, since that would mean having to use php. I guess I'll document progress on my personal projects when I actually have time to work on them. If this blog gets to be more than a few pages, I guess I'll have to make my own blog backend with fastcgi, I doubt it though.